package com.roncoo.education.oauth.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;

import com.roncoo.education.oauth.point.AuthExceptionEntryPoint;
import com.roncoo.education.oauth.point.CustomAccessDeniedHandler;
import com.roncoo.education.oauth.point.CustomTokenExtractor;

/**
 * @author 千城丶Y
 * @className : ResourceServer
 * @PACKAGE_NAME : com.bjpowernode.config
 * @date : 2022/9/22 0:00
 * @Description TODO 基于JWT令牌认证 ，资源配置服务器
 */
@Configuration
@EnableResourceServer // 启动资源服务器
public class JWTResourceServer extends ResourceServerConfigurerAdapter {
    /**
     * 基于JWT的认证
     * @return
     */
	@Autowired
	public TokenStore tokenStore;
	
//    @Autowired
//    CustomTokenExtractor customTokenExtractor;

    @Autowired
    AuthExceptionEntryPoint authExceptionEntryPoint;

    @Autowired
    CustomAccessDeniedHandler customAccessDeniedHandler;


	// 使用同一个密钥来编码 JWT OAuth2 令牌
//	@Bean
//	public JwtAccessTokenConverter jwtAccessTokenConverter() {
//		JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
//		jwtAccessTokenConverter.setSigningKey("123"); // 可以采用属性注入方式，生产中建议加密 ，密钥的key 很重要
//		return jwtAccessTokenConverter;
//	}

	@Override
	public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
		resources.tokenStore(tokenStore);
		
//		resources.tokenExtractor(customTokenExtractor);
		resources.authenticationEntryPoint(authExceptionEntryPoint)
        .accessDeniedHandler(customAccessDeniedHandler);

	}
}